The Hotel Hero

Notes by a Sysadmin


Ansible Vault

July 22, 2021 | Cluster

It often comes in handy to encrypt data that is used for automation. Sensitive data such as passwords and other credentials for infrastructure should be handled with a certain amount of precaution.

Ansible Vault

Ansible Vault is encrypted storage for Ansible, though it is also possible to integrate Ansible with different kinds of password managers, e.g. "pass" and others.

So, let's say you have a couple of passwords that you need to use from time to time. You could make a file like "my_secrets.enc":

pass_server1: SuperSecretPassword1
pass_server2: SuperSecretPassword2

Then you will encrypt the file:

ansible-vault encrypt my_secrets.enc

After encryption the file would look something like this:


Now, when running your playbook, you have to point (-e) to your new encrypted file with your passwords. In the following example my_secrets.enc is located in a directory called "vault" (but it can be created anywhere):

ansible-playbook -e @vault/my_secrets.enc --ask-vault-pass playbooks/my_playbook.yaml

Alternatively you can also create a new encrypted vault file with the create command:

ansible-vault create --vault-id @prompt secret.yml

Edit the secret file

You can either decrypt, edit and re-encrypt the file, or you can use the ansible-vault edit command:

# This will open Vim and make the file ready for editing.
ansible-vault edit my_secrets.enc

# or you could decrypt the file, and then edit it with another editor
ansible-vault decrypt my_secrets.enc

# and remember to encrypt it afterwards
ansible-vault encrypt my_secrets.enc
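
The decrypt, edit and re-encrypt route above leaves the passwords in plaintext on disk until the last command is run. As an added example (not part of the original notes), this shell check flags files that are not in Ansible Vault format; the function names and the rule that every file in the directory must be encrypted are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): flag vault files left in plaintext.
# Assumption: every regular file in the given directory should be vault-encrypted.

# is_vault_encrypted FILE: succeeds only for a file in Ansible Vault format.
is_vault_encrypted() {
    [ -r "$1" ] || return 1
    first_line=''
    IFS= read -r first_line < "$1" || [ -n "$first_line" ] || return 1
    # Encrypted files begin with a header line such as "$ANSIBLE_VAULT;1.1;AES256".
    case "$first_line" in
        '$ANSIBLE_VAULT;'*) ;;
        *) return 1 ;;
    esac
    # Everything after the header is hex text; other characters mean plaintext.
    body=$(tail -n +2 "$1")
    [ -n "$body" ] || return 1
    if printf '%s\n' "$body" | grep -q '[^0-9a-fA-F]'; then
        return 1
    fi
    return 0
}

# find_plaintext_secrets DIR: lists unencrypted files, returns 1 if any exist.
find_plaintext_secrets() {
    found=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if ! is_vault_encrypted "$f"; then
            printf 'NOT ENCRYPTED: %s\n' "$f"
            found=1
        fi
    done
    return "$found"
}

# Demo on constructed files (the hex payload is made up, not real ciphertext).
demo_dir=$(mktemp -d)
printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '36313632363336343635' > "$demo_dir/encrypted.enc"
printf '%s\n' 'pass_server1: SuperSecretPassword1' > "$demo_dir/my_secrets.enc"
find_plaintext_secrets "$demo_dir" || echo "Encrypt the files listed above before committing."
rm -rf "$demo_dir"
```

Calling find_plaintext_secrets on the "vault" directory from a pre-commit hook makes a forgotten encrypt step block the commit.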


I'm a Sysadmin, network manager and cyber security enthusiast. The main purpose of this public "notebook" is for referencing repetitive tasks, but it might as well come in handy to others. Windows can not be supported! But all other OS compliant with the POSIX-standard can (with minor adjustments) apply the configs on the site. It is Mac OSX, RHEL and all the Fedora based distros and Debian based (several 100's of OS's), all the BSD distros, Solaris, AIX and HP-UX.